End-to-End Remote Access VPN Configuration Process for ASA
This section provides the end-to-end procedure for configuring remote access VPN on an ASA device onboarded to Security Cloud Control.
To enable remote access VPN for your clients, you need to configure several separate items. The following procedure provides the end-to-end process.
Procedure
Step 1 | Configure the identity source used for authenticating remote users. See Configure Identity Sources for ASA for more information. You can use the following sources to authenticate users attempting to connect to your network using remote access VPN. Additionally, you can use client certificates for authentication, either alone or in conjunction with an identity source.
| ||
Step 2 | (optional) Create ASA Remote Access VPN Group Policies. The group policy defines user-related attributes. You can configure group policies to provide differential access to resources based on group membership. Alternatively, use the default policy for all connections. | ||
Step 3 | |||
Step 4 | |||
Step 5 | (optional) Exempt Remote Access VPN Traffic from NAT. | ||
Step 6 | Review and deploy configuration changes to the devices.
|
What to do next
Next Steps
Once the remote access VPN configuration is downloaded to the ASA devices, the users can connect to your network from a remote location using a computer or other supported iOS or Android device connected to the Internet. You can monitor live AnyConnect remote access VPN sessions from all onboarded ASA remote access VPN head-ends in your tenant. See Monitoring Remote Access Virtual Private Network.